Statutes of the Passenger Name Record Database
Passed 08.02.2019 No. 6
RT I, 12.02.2019, 8
Entry into force 15.02.2019
Amended by the following legal instruments (show)
| Passed | Published | Entry into force |
|---|---|---|
| 06.08.2019 | RT I, 07.08.2019, 3 | 10.08.2019 |
The Regulation is established on the basis of subsection 252 (2) of the Police and Border Guard Act.
Chapter 1 General Provisions
§ 1. Establishment of passenger name record database
(1) The Regulation establishes a database with the official passenger name record database (hereinafter database) and approves the statutes of the database.
(2) The official abbreviation of the database is BRIIS.
§ 2. Chief processor and authorised processor of database
(1) The chief processor of the database is the Police and Border Guard Board.
(2) The authorised processor of the database is the Information Technology and Development Centre of the Ministry of the Interior.
§ 3. Method of maintenance and composition of database
(1) The database shall be maintained as a digital database. Data are processed by automatic means.
(2) The security level of the database is M (medium), and its security class is K2T1S2.
(3) The database is interfaced with the information systems’ data exchange layer X-Road (hereinafter X-road).
§ 4. Data to be entered in database
(1) The following data shall be entered in the database:
1) passenger name record data of air passengers;
2) data generated by analysing passenger name record data of air passengers.
(2) Passenger name record data of air passengers are:
1) given name(s) and surname(s);
2) date and place of birth;
3) nationality or nationalities;
4) gender;
5) address of residence, telephone number and e-mail address;
6) type, number, country of issuance and expiry date of travel document;
7) passenger name record locator, date of reservation or issue of ticket;
8) date(s) of intended travel;
9) complete itinerary for reserved travel;
10) frequent flyer information;
11) travel agency and travel agent information;
12) travel status of passenger, including confirmations, check-in status, no-show or go-show information and information about whether the passenger is travelling with a minor without a seat;
13) passenger name record for next travel;
14) ticketing field information and one-way tickets, including ticket number, date of ticket issuance, ticket fare quote fields;
15) seat number, and other seat information;
16) baggage information;
17) number and other names of travellers on the passenger name record;
18) forms of payment information, including billing address and credit card information;
19) information on the flight in connection with which the passenger name record was provided, including the air carrier, flight number, departure date and arrival date, departure time and arrival time, departure port and arrival port, and code share information;
20) additional service information, including all available information on unaccompanied minors, language(s) spoken, name and contact details of guardian on departure and relationship to the minor, name and contact details of guardian on arrival and relationship to the minor, departure and arrival agent.
(3) Data generated by analysing passenger name record data of air passengers are:
1) passenger reference;
2) surveillance list or risk criterion reference;
3) time of matches with the surveillance list or risk criterion;
4) data concerning related activities.
(4) In addition to the data set out in subsection (1) of this section, any changes made to the data after the passenger name record was first submitted by the air carrier shall be entered into the database.
§ 5. Protection of data in database
The chief processor and the authorised processor of the database shall take organisational and technological measures to ensure integrity, protection and preservation of data.
Chapter 2 Presentation and processing of data
§ 6. Providers of data
(1) Data for the database are provided by:
1) air carrier, pursuant to subsection 97 (1) of the State Borders Act;
2) authority, referred to in subsection 253 of the Police and Border Guard Act.
(2) The database exchanges data with the following databases:
1) database of persons who have acquired or lost Estonian citizenship, or to whom Estonian citizenship has been restored;
2) database of aliens staying or having stayed in Estonia illegally;
3) register of residence permits and work permits;
4) Interpol databases;
5) database of identity documents;
6) border control database;
7) police database;
8) state register of Schengen information system;
9) national register of prohibitions on entry;
10) visa information system;
11) visa register;
12) database of registration of short-term employment of aliens in Estonia.
§ 7. Entry of data in database
(1) Procedures related to entry of data in the database, and processing of entries are:
1) entry of data in the database;
2) deletion of data;
3) pseudonymisation of data;
4) re-personalisation of pseudonymised data.
(2) Where possible, the procedures referred to clauses (1) 1) to 3) of this section in automated manner. By way of exception, the procedures referred to clauses (1) 1) to 3) of this section shall be carried out manually by a staff member of the chief processor promptly after having received data from the data provider.
(3) Re-personalisation of pseudonymised data shall be carried out by a person appointed by the chief processor, taking into account the provisions of subsections 252 (6) and (7) of the Police and Border Guard Act, and section of 10 of this Regulation.
§ 8. Provision of passenger name record data by air carrier
(1) An air carrier shall provide passenger name record data in their unamended form and via a secure electronic channel created for such purpose by the chief processor.
(2) The air carrier shall provide the passenger name record data:
1) 24 to 48 hours before the flight designated departure time;
2) immediately after boarding has completed.
(3) Based on a request of the chief processor of the passenger name record database, the air carrier shall provide passenger name record data at a time other than the time specified in this subsection (2).
(4) If passenger name record data are provided in accordance with the procedure specified in clause (2) 2) of this section, the air carrier's obligation may be limited to merely updating the data.
(5) The air carrier shall transfer name record data applying secure measures, using the protocols and supporting data formats intended for such purpose in line with the Commission Implementing Decision (EL) 2017/759. If such protocols and supporting data formats are not available, the air carrier shall transfer passenger name record data using electronic means that provide sufficient safeguards in respect of the technical security and organisational measures applicable to data processing.
(6) If the data carrier has gathered any advance passenger information listed in Annex I to the Directive (EU) 2016/681, they shall forward such information to the chief processor.
(7) In the event of technical failure, passenger name record data shall be transferred by any other appropriate means ensuring a level of data security that is equal to that applied before such technical failure, and by observing the rules set forth in legislation governing protection of personal data.
(8) Passenger name data record of air passengers arriving in Estonia shall be transferred even if the flight has a stop-over before arriving in Estonia, or if the air passenger's flight has a connection on the territory of another Member State of the European Union or a third country.
(9) Where the flight is code-shared between one or more air carriers the obligation to transfer the passenger name record data of all passengers on the flight shall be on the air carrier that operates the flight.
§ 9. Criteria of processing passenger name record data
(1) Criteria applied to evaluation of passengers referred to in clause 254 (1) 1) of the Police and Border Guard Act, shall be targeted, proportionate and specific.
(2) Criteria, as well as the decision taken on the basis analysing air passengers, shall not be based on a person's race or ethnic origin, religion or belief, political or any other opinion, trade union membership, health, sexual life or sexual orientation, or another discriminating circumstances.
§ 10. Pseudonymisation and re-personalisation of passenger name record data
(1) In the course of pseudonymisation data, which allow establishing the identity of a passenger, including data set out in clauses 252 (3) 1), 5), 6), 10), 17), 18) and 20) of the Police and Border Guard Act, are hidden.
(2) If the request to re-personalise data, listed in subsection 252 (6) of the Police and Border Guard Act, is satisfied, such action shall be taken forthwith.
(3) When a request to re-personalise data, listed in subsection 252 (6) of the Police and Border Guard Act, is received, the authorised processor of the chief processor shall provide reasons for refusing to carry out the requested action as soon as possible, however not later than within five working days following the date when the request was received.
(4) A request to re-personalise data, listed in subsection 252 (6) of the Police and Border Guard Act, and the decision allowing said data to be re-personalised, or the reasons for refusal to satisfy such request shall be retained for a period of five years, but not longer than the passenger name record data constituting the basis of such decision.
§ 11. Retaining of false positive matches
(1) False positive matches may be retained to avoid in future matches occurring on the same basis.
(2) False positive matches shall be retained for a period of up to five years from the date of making the entry.
§ 12. Logging of personal data processing activities
(1) Logging of personal data processing activities shall take place in accordance with section 36 of the Personal Data Protection Act.
(2) Logs related to processing of personal data shall be retained for a period of up to five years from the date of making the entry, but not longer than the passenger name record data constituting the basis thereof.
§ 13. Obligation to retain information
(1) The passenger information unit shall at least retain information about:
1) the name of the unit in charge of processing of the passenger name records in the passenger information unit, the names and contact data of employees, and about different levels of access privileges;
2) requests submitted by Europol, competent authorities and passenger information units of other Member States;
3) requests submitted by third countries, and transfer of passenger name records to a third country.
(2) Information referred to in clause (1) 1) of this section shall be retained for 5 years after the employment relationship terminates, whereafter it shall be archived for a period of five years.
(3) The information listed in clauses (1) 2)–3) of this section shall be retained for a period of 5 years from the submission of the request.
§ 14. Rights and obligations of data protection officer
(1) The processing of passenger name record data shall be supervised by the data protection officer of the chief processor.
(2) The data protection officer shall have access to all data processed by the passenger information unit, to all logs and documents.
(3) The contact person of the data subject for matters concerning processing of passenger name records shall be the data protection officer.
Chapter 3 Access to database data
§ 15. Access to database data
(1) The database is subject to access restrictions and the data contained therein are intended for internal use.
(2) Access to database data is granted to officers and employees of the chief processor to the extent that it is necessary for the performance of their job duties. The right of access to the database shall be granted either by user groups or personally by the chief processor
(3) The authorised processor of the database shall have the right of access to the database for the performance of their duties and the person developing or maintaining the database has the access within the scope and on the terms and conditions set forth in the development or maintenance contract.
[RT I, 07.08.2019, 3 – entry into force 10.08.2019]
(4) The supervisory authority shall have access to data entered into the database for the performance of their statutory duties.
§ 16. Release of data from database
(1) Access to database data shall be granted:
1) via the web portal by authentication;
2) via X-road or another secure electronic data exchange channel;
3) by issuing an extract by e-mail or as a hard copy.
(2) The chief processor of the database shall release database data to an authority who has the right to receive the same pursuant to law or by legislation adopted based on law.
(3) The chief processor shall enter into an agreement with the authority, referred to in subsection (2) of this section, which shall set out the terms and conditions, the procedure and manner of releasing the data.
(4) The right of access may be granted to the authority, referred to in subsection (2) of this section, in respect of data being released to them in the manner described in clauses (1) 1)–3) of this section.
(5) The data subject or their legal representative shall be given access to data concerning the data subject in the manner described in clause (1) 3) of this section.
(6) The chief processor of the database shall keep records of when data are released, of the composition and recipients thereof.
(7) Data are released from the database free of charge.
Chapter 4 Duties of chief processor and authorised processor
§ 17. Duties of chief processor
The chief processor:
1) ensures that the database is operated in accordance with statutory requirements;
2) takes appropriate organisational, physical, and information technology security measures to ensure availability, integrity and confidentiality of the database;
3) is responsible for compliance with personal data processing requirements;
4) organises development of the database;
5) is responsible for appropriate release of database data;
6) carries out supervision over the maintenance and use of the database;
7) ensures that entitled persons have access to database data.
§ 18. Duties of authorised processor
The authorised processor:
1) ensures the availability of the information technology infrastructure necessary for hosting the database, and its technical readiness;
2) takes, along with the chief processor, any organisational, physical, information technology and data security measures compliant with the security requirements applied to the database;
3) makes suggestions to the chief processor of the database for improving the database.
Chapter 5 Supervision, financing and liquidation of database
§ 19. Supervision
(1) Supervision over the maintenance of the database shall be carried out in accordance with the Public Information Act, the Personal Data Protection Act, and other legislation governing protection of personal data.
(2) The person authorised to carry out supervision shall have the right to review the data entered in the database, and the source documents thereof, to enter the premises where the data are being processed or where the equipment used for processing the data is located, and to receive information from the chief processor concerning the release and use of the data.
(3) If any faults are identified in terms of maintaining the database, the chief processor shall remedy such faults by the deadline set out in the precept issued by the person who carries out supervision.
§ 20. Financing of database
Any costs arising from maintaining the database shall be financed from the state budget out of the financial resources allocated to the chief processor and the authorised processor for that purpose.
§ 21. Liquidation of database
The database shall be liquidated pursuant to the procedure prescribed by law.
Facebook
Twitter